Methods and nodes for enabling management of traffic
Abstract
A method, an operator network (101) and nodes (120, 140, 160) for managing traffic are disclosed. The network exposure node (160) receives (A010) a Packet Flow Description (PFD) rule for a server application (190). The PFD rule comprises one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters. The one or more protocol parameters comprise for example an indication relating to common names (CNS), an indication relating to a domain name system (DNS) domain name, a server name indication (SNI), an indication relating to fraud prevention, an indication relating to a server IP address. The network exposure node (160) transmits (A020) the PFD rule to the session node (140), which transmits (A040), towards the user data node (120), a management request comprising the PFD rule. The user data node (120) receives (A080), from the client application (115), traffic destined to the server application (190). The user data node (120) classifies (A090) the traffic in accordance with the PFD rule. The user data node (120) enforces (A100) actions for the classified traffic. Corresponding computer programs (603, 803, 003) and computer program carriers (605, 805, 1005) are also disclosed.
Claims
The invention claimed is:
1. A method, performed by a user data node, for managing traffic between a client application running in a communication device and a server application hosted by an application node, the method comprising:
receiving, from a session node, a management request comprising a Packet Flow Description (PFD) rule for the server application, wherein the PFD rule comprises a packet flow description identifier and one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters, wherein the one or more protocol parameters comprise one or more of:
an indication relating to common names (CNS),
a server name indication (SNI), wherein the SNI is used as a domain name,
an indication relating to HTTP-host,
an indication relating to HTTP-user-agent,
an indication relating to HTTP-content-type,
an indication relating to HTTP-GET,
an indication relating to HTTP-POST,
an indication relating to HTTP-PUT,
an indication relating to HTTP-PATCH, or
an indication relating to HTTP-Response-Codes;
receiving, from the client application, traffic destined to the server application;
classifying the traffic in accordance with the PFD rule, whereby classified traffic is obtained; and
enforcing actions for the classified traffic, wherein the actions are based on the PFD rule.
2. The method of claim 1, wherein the PFD rule comprises a protocol identifier for identification of the protocol related to said one or more protocol parameters.
3. The method of claim 1, wherein the indication relating to the server IP address further relates to a server port at OSI protocol stack layer 4 and/or layer 7.
4. The method of claim 1, wherein said one or more protocol parameters comprise the indication of a DNS domain name, and the method further comprises:
obtaining, from a domain name node, a server IP address corresponding to the indication of the DNS domain name;
receiving, from the client application, further traffic identified by a destination IP address and a specific domain name; and
verifying that the destination IP address and the specific domain name match the obtained server IP address, before transmitting the further traffic towards the server application.
5. The method of claim 1, wherein the method further comprises:
triggering, from the client application toward the user data node, a PDU session establishment procedure, and
starting, from the client application, the traffic destined to the server application.
6. The method of claim 1, wherein the PFD rule comprises at least one of: a PFD version, a PFD origin, an MNO identifier identifying the mobile network operator for which the PFD rule applies, or configuration information.
7. A method, performed by a network exposure node, for enabling management of traffic between a client application running in a communication device and a server application hosted by an application node, the method comprising:
receiving, from the application node, a Packet Flow Description (PFD) rule for the server application, wherein the PFD rule comprises a packet flow description identifier and one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters, wherein the one or more protocol parameters comprise one or more of:
an indication relating to common names (CNS),
a server name indication (SNI), wherein the SNI is used as a domain name,
an indication relating to HTTP-host,
an indication relating to HTTP-user-agent,
an indication relating to HTTP-content-type,
an indication relating to HTTP-GET,
an indication relating to HTTP-POST,
an indication relating to HTTP-PUT,
an indication relating to HTTP-PATCH, or
an indication relating to HTTP-Response-Codes; and
transmitting, towards a session node, the PFD rule.
8. The method of claim 7, wherein the PFD rule comprises a protocol identifier for identification of the protocol related to said one or more protocol parameters.
9. The method of claim 7, wherein the indication relating to the server IP address further relates to a server port at OSI protocol stack layer 4 and/or layer 7.
10. The method of claim 7, wherein the PFD rule comprises at least one of a PFD version, a PFD origin, an MNO identifier identifying the mobile network operator for which the PFD rule applies, and configuration information.
11. A user data node is configured for managing traffic between a client application running in a communication device and a server application hosted by an application node, wherein the user data node is configured for:
receiving, from a session node, a management request comprising a Packet Flow Description (PFD) rule for the server application, wherein the PFD rule comprises a packet flow description identifier and one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters, wherein the one or more protocol parameters comprise one or more of:
an indication relating to common names (CNS),
a server name indication (SNI), wherein the SNI is used as a domain name,
an indication relating to HTTP-host,
an indication relating to HTTP-user-agent,
an indication relating to HTTP-content-type,
an indication relating to HTTP-GET,
an indication relating to HTTP-POST,
an indication relating to HTTP-PUT,
an indication relating to HTTP-PATCH; and
an indication relating to HTTP-Response-Codes;
receiving, from the client application, traffic destined to the server application;
classifying the traffic in accordance with the PFD rule, whereby classified traffic is obtained; and
enforcing actions for the classified traffic, wherein the actions are based on the PFD rule.
12. The user data node of claim 11, wherein the PFD rule comprises a protocol identifier for identification of the protocol related to said one or more protocol parameters.
13. The user data node of claim 11, wherein the indication relating to the server IP address further relates to a server port at OSI protocol stack layer 4 and/or layer 7.
14. The user data node of claim 11, wherein said one or more protocol parameters comprise the indication of a DNS domain name, and the user data node is configured for:
obtaining, from a domain name node, a server IP address corresponding to the indication of the DNS domain name;
receiving, from the client application, further traffic identified by a destination IP address and a specific domain name; and
verifying that the destination IP address and the specific domain name match the obtained server IP address, before transmitting the further traffic towards the server application.
15. The user data node of claim 11, wherein the method further comprises:
triggering, from the client application toward the user data node, a PDU session establishment procedure, and
starting, from the client application, the traffic destined to the server application.
16. The user data node of claim 11, wherein the PFD rule comprises at least one of a PFD version, a PFD origin, an MNO identifier identifying the mobile network operator for which the PFD rule applies, and configuration information.
17. A network exposure node is configured for enabling management of traffic between a client application running in a communication device and a server application hosted by an application node, wherein the network exposure node is configured for:
receiving, from the application node, a Packet Flow Description (PFD) rule for the server application, wherein the PFD rule comprises a packet flow description identifier and one or more protocol parameters for classification of traffic using a protocol related to said one or more protocol parameters, wherein the one or more protocol parameters comprise one or more of:
an indication relating to common names (CNS),
a server name indication (SNI), wherein the SNI is used as a domain name,
an indication relating to HTTP-host,
an indication relating to HTTP-user-agent,
an indication relating to HTTP-content-type,
an indication relating to HTTP-GET,
an indication relating to HTTP-POST,
an indication relating to HTTP-PUT,
an indication relating to HTTP-PATCH, or
an indication relating to HTTP-Response-Codes; and
transmitting, towards a session node, the PFD rule.
18. The network exposure node of claim 17, wherein the PFD rule comprises a protocol identifier for identification of the protocol related to said one or more protocol parameters.
19. The network exposure node of claim 17, wherein the indication relating to the server IP address further relates to a server port at OSI protocol stack layer 4 and/or layer 7.
20. The network exposure node of claim 17, wherein the PFD rule comprises at least one of a PFD version, a PFD origin, an MNO identifier identifying the mobile network operator for which the PFD rule applies, and configuration information.
21. The method of claim 1, wherein
the one or more protocol parameters comprises an indication relating to CNS, and
the indication relating to CNS comprises a regular expression for identifying a set of Common Names.
22. The method of claim 1, wherein
the one or more protocol parameters comprises an indication relating to SNI, and
the indication relating to SNI comprises a regular expression for identifying a set of server names.
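The classification in claims 1 and 22 and the verification in claim 4 can be sketched as follows. This is an added example, not text from the patent or code from any operator implementation; the field names, the `resolved_ips` map standing in for answers obtained from the domain name node, and the sample names and addresses are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class PfdRule:
    pfd_id: str                       # packet flow description identifier (claim 1)
    sni_regex: str                    # regular expression over server names (claim 22)
    dns_domain: Optional[str] = None  # DNS domain name indication (claim 4)

@dataclass
class Flow:
    dst_ip: str   # destination IP address of the client's traffic
    sni: str      # server name taken from the TLS ClientHello

def classify(rule, flow, resolved_ips):
    """Return (pfd_id or None, verdict) for one flow against one PFD rule."""
    name = flow.sni.lower().rstrip(".")
    # fullmatch anchors the pattern, so a look-alike name that merely
    # contains the operator's domain is not classified under the rule.
    if not re.fullmatch(rule.sni_regex, name):
        return None, "sni-no-match"
    if rule.dns_domain is not None:
        # Claim 4: the destination IP must be one of the addresses obtained
        # from the domain name node for the rule's DNS domain name.
        allowed = {ipaddress.ip_address(a) for a in resolved_ips.get(rule.dns_domain, ())}
        if ipaddress.ip_address(flow.dst_ip) not in allowed:
            return None, "sni-ip-mismatch"
    return rule.pfd_id, "match"

# Constructed sample data (reserved documentation names and addresses).
RULE = PfdRule("pfd-video-1", r"([a-z0-9-]+\.)*video\.example\.com", "video.example.com")
DNS_ANSWERS = {"video.example.com": ["192.0.2.10", "2001:db8::10"]}
FLOWS = [
    Flow("192.0.2.10", "cdn.video.example.com"),            # genuine
    Flow("2001:DB8:0:0:0:0:0:10", "Video.Example.Com."),    # same server, other spelling
    Flow("203.0.113.77", "video.example.com"),              # SNI names the server, IP does not
    Flow("192.0.2.10", "video.example.com.other.invalid"),  # look-alike suffix
]

def run_demo():
    return [classify(RULE, f, DNS_ANSWERS) for f in FLOWS]

if __name__ == "__main__":
    for flow, result in zip(FLOWS, run_demo()):
        print(flow, result)
```

Only the first two flows receive the rule's treatment; the third shows why matching on SNI alone is insufficient when the rule drives charging or policy decisions.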